This script creates a new user and adds the user to a role on the ESX host:
# Placeholder values: replace before running, and do not save a real password in the script file.
$NewUser = '_New_user_name_'
$NewUserPassword = '_New_user_Password_'
$NewUserDesc = '_New_user_description_'
# Prompt for the root password and connect directly to the ESX host.
$HOSTCredentials = Get-Credential -Credential root
$ESXhost = '_My_ESX_HOST_'
Connect-VIServer $ESXhost -Credential $HOSTCredentials
# Create the local account and put it in the "users" group.
New-VMHostAccount -Id $NewUser -Password $NewUserPassword -Description $NewUserDesc -UserAccount -Server $ESXhost -AssignGroups users
# Build a permission for the new user on the host's root folder.
$AuthMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager
$Entity = Get-Folder ha-folder-root | Get-View
$Perm = New-Object VMware.Vim.Permission
$Perm.entity = $Entity.MoRef
$Perm.group = $false   # the principal is a user, not a group
$Perm.principal = $NewUser
$Perm.propagate = $true
# You can either specify roleID or use the line below if you know the role name.
# $Perm.roleId = ($AuthMgr.RoleList | where {$_.Name -eq "ReadOnly"}).RoleId
$Perm.roleId = -2
# Apply the permission, then disconnect.
$AuthMgr.SetEntityPermissions($Entity.MoRef,$Perm)
Disconnect-VIServer -Server $ESXhost -Confirm:$false
Here is the list of common roles / role IDs:
RoleName                     Label                                    RoleId
--------                     -----                                    ------
NoAccess                     No access                                    -5
Anonymous                    Anonymous                                    -4
View                         View                                         -3
ReadOnly                     Read-only                                    -2
Admin                        Administrator                                -1
VirtualMachinePowerUser      Virtual machine power user (sample)           4
VirtualMachineUser           Virtual machine user (sample)                 5
ResourcePoolAdministrator    Resource pool administrator (sample)          6
VMwareConsolidatedBackupUser VMware Consolidated Backup user (sample)      7
DatastoreConsumer            Datastore consumer (sample)                   8
NetworkConsumer              Network consumer (sample)                     9
For the full list of roles in your environment, use this script:
# Collect the name, label and ID of every role defined on the connected server.
$report = @()
$authMgr = Get-View AuthorizationManager
foreach ($role in $authMgr.RoleList) {
    $row = "" | Select RoleName, Label, RoleId
    $row.RoleName = $role.Name
    $row.Label = $role.Info.Label
    $row.RoleId = $role.RoleId
    $report += $row
}
$report
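
To confirm what the first script actually granted, this added example (not part of the original post) lists every permission on the connected host with its role name and warns if the new account holds anything other than the intended role. The function name Get-HostPermissionReport and the variable $ExpectedRole are assumptions made for the example; it needs the Connect-VIServer session to still be open, so run it before Disconnect-VIServer.

```powershell
# Added example, not from the original post. Get-HostPermissionReport and
# $ExpectedRole are hypothetical names; run while still connected to the host.
function Get-HostPermissionReport {
    param(
        [Parameter(Mandatory = $true)] $AuthMgr   # AuthorizationManager view
    )
    # Index roles by ID so each permission can be reported with its role name.
    $rolesById = @{}
    foreach ($role in $AuthMgr.RoleList) { $rolesById[$role.RoleId] = $role }

    foreach ($perm in $AuthMgr.RetrieveAllPermissions()) {
        $role = $rolesById[$perm.RoleId]
        [pscustomobject]@{
            Principal = $perm.Principal
            IsGroup   = $perm.Group
            RoleName  = $role.Name
            RoleId    = $perm.RoleId
            Entity    = $perm.Entity.Value
            Propagate = $perm.Propagate
        }
    }
}

$NewUser      = '_New_user_name_'   # same placeholder as in the script above
$ExpectedRole = 'ReadOnly'          # role ID -2 in the list above

$AuthMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager
$permissions = @(Get-HostPermissionReport -AuthMgr $AuthMgr)
$permissions | Sort-Object Principal | Format-Table -AutoSize

# The new account should appear exactly once, with the expected role.
$granted = @($permissions | Where-Object { $_.Principal -eq $NewUser })
if ($granted.Count -ne 1 -or $granted[0].RoleName -ne $ExpectedRole) {
    $found = ($granted | ForEach-Object { $_.RoleName }) -join ', '
    Write-Warning "Unexpected permissions for ${NewUser}: [$found]"
}

# Principals holding the Admin role (ID -1) are worth reviewing after any change.
$permissions | Where-Object { $_.RoleId -eq -1 } |
    Select-Object Principal, IsGroup, Entity
```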
